Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.3R3-S3: Software Release Notification for JUNOS Software Version 18.3R3-S3

0

0

Article ID: TSB17823 TECHNICAL_BULLETINS Last Updated: 14 Jul 2020Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.3R3-S3 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.3R3-S3 is now available.

18.3R3-S3 - List of Fixed issues

PR Number Synopsis Category: DOT1X
1504818 Authentication failure might occur on captive-portal
Product-Group=junos
On EX/MX/QFX/SRX platforms in case of captive-portal without dot1x stanza, when receiving the filter from the RADIUS for captive-portal user might lead to authentication failure for that user. This issue is seen only in the captive-portal configuration with RADIUS filter when dot1x stanza is not present.
PR Number Synopsis Category: EX4300 Platform
1502726 Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4300
Product-Group=junos
On EX4300 platform with Media Access Control Security (MACsec) configured, if there is high traffic flowing through the MACsec enabled link, increasing framing errors or runts statistics might be seen in the output of "show interfaces extensive <>" for the affected interface. Traffic loss might also happen due to this issue.
PR Number Synopsis Category: QFX Access control list
1499918 Traffic drop might be observed after modifying FBF firewall filter
Product-Group=junos
On QFX5K platforms, after making changes in filter-based forwarding (FBF) firewall filter that is configured with multiple terms or different routing instances, traffic drop might be observed.
PR Number Synopsis Category: QFX PFE CoS
1510365 Traffic might be forwarded to wrong queue when fixed classifier is used
Product-Group=junos
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact.
1510365 Traffic might be forwarded to wrong queue when fixed classifier is used
Product-Group=junosvae
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact.
PR Number Synopsis Category: QFX PFE L2
1474142 Traffic might be affected if composite next hop is enabled
Product-Group=junos
On QFX5000 and EX4600 platforms with composite next hop enabled, traffic loss would occur when deleting leaked routes with composite next hop.
PR Number Synopsis Category: Border Gateway Protocol
1396344 Processing a large scale as-path regex will cause the flap of the route protocols
Product-Group=junos
When 'as-path-group' is configured under BGP, if a configuration with a large scale as-path regex is committed, the route protocols flap might be seen.
1499977 The rpd may crash if the import policy is changed to accept more routes that exceed the teardown function threshold
Product-Group=junos
On all platforms with BGP max-acceptance prefix limit (accepted-prefix-limit with teardown action) configured, the rpd crashes may occur when a policy change causes the number of routes being imported cross the configured threshold value and teardown action is being performed by the router.
PR Number Synopsis Category: MX Platform SW - UI management
1498538 SNMP polling does not show correct PSM jnxOperatingState when one of the PSM Inputs failed
Product-Group=junos
SNMP polling does not show correct PSM jnxOperatingState when one of the PSM Inputs failed or not exists
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1503657 The MAC address of the LT interface might not be installed in the EVPN database
Product-Group=junos
In EVPN-VXLAN (Ethernet Virtual Private Network - Virtual Extensible LAN) scenario if the LT (Logical Tunnel) interface is under the bridge-domain of the EVPN-VXLAN instance, the MAC address of the LT interface might not be installed in the EVPN database. Thus no type-2 EVPN route is generated for the LT interface which results in unnecessary flooding and replication by the remote EVPN peer in the network.
PR Number Synopsis Category: Express PFE L2 fwding Features
1442587 The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb
Product-Group=junos
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1472643 Performing back-to-back rpd restarts might cause rpd to crash
Product-Group=junos
On all Junos platforms, after performing back-to-back rpd restarts, rpd might crash. The rpd core may be observed after a timeout of 10 mins.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1462984 The H323 call with NAT64 cannot be established on the SRX5000 line of devices.
Product-Group=junos
On SRX5000 platforms, the H323 call with NAT enabled cannot be established when the H323 GK (Gatekeeper) works in direct mode.
PR Number Synopsis Category: JSR Infrastructure
1505864 SRX5k fails to upgrade to some Junos versions directly from 15.1X49 with "ERROR: unsupported h/w"
Product-Group=junos
On SRX5000 series, when upgrading Junos from a 15.1X49 release to specific higher Junos releases, the installation will fail with the message "ERROR: unsupported h/w". Affected target releases are Junos 18.4R3-S2 and 18.4R3-S3.
PR Number Synopsis Category: User Firewall related issues
1499090 Don't use capital characters for source-identity when using "show security match-policies" cmd.
Product-Group=junos
When using "show security match-policies" cmd to match a policy with source-identity configured, only the non-capital source-identity name can be matched by policy.
PR Number Synopsis Category: Layer 2 Circuit issues
1512834 The rpd might crash when deleting l2circuit configuration in a specific sequence
Product-Group=junos
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change.
PR Number Synopsis Category: Layer 2 Control Module
1505710 The l2cpd crash might be seen if adding/deleting ERP config and then restart l2cpd
Product-Group=junos
Core files are generated if you add or delete ERP configuration multiple times and restarted l2cpd or rebooted the box. If this issue is happened, l2cpd does not recover again and generates core file continuously.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1512802 [MX] l2ald memory leak upon addition/deletion of vxlan routing-instances and interfaces
Product-Group=junos
On MX series platforms, l2ald (layer 2 address learning daemon) memory leaks upon addition/deletion of vxlan routing-instances and interfaces.
PR Number Synopsis Category: Path computation client daemon
1472825 Manually configured ERO on NS controller lost when PCEP session bounced
Product-Group=junos
On all Junos platform with Path Computation Element Protocol (PCEP) enabled, if PCEP session bounced druing Routing Engine (RE) switchover on a LSP ingress router, unexpacted delete message might be sent from Path Computation Client (PCC) to Path Computation Element (PCE) with North Star (NS) controller. In the end, manually configured explicit route object (ERO) for RSVP-TE based label switched path (LSP) on NS controller will be lost. However, traffic go through ERO set on NS controller is still normal.
PR Number Synopsis Category: PTP related issues.
1451950 FPC core may be seen after changing the configuration of PTP or Synchronous Ethernet.
Product-Group=junos
On the ACX/MX/QFX platform with PTP (Precision Time Protocol)/SyncE (Synchronous Ethernet) enabled, if configuration changes for the PTP/SyncE are combined with multiple events, the FPC core might be seen.
1458581 The "FPC X major errors" alarm may be raised after committing the PTP configuration change
Product-Group=junos
On MX router with MPC5/MPC6/MPC7/MPC8/MPC9/MPC10 installed environment, after committing the PTP configuration change, the "FPC X major errors" alarm may be raised. This issue may cause interface flap and traffic loss.
PR Number Synopsis Category: QFX platform optics related issues
1497947 lcmd core seen on QFX5210064C
Product-Group=junosvae
The LCMD process is the Linux Chassis Management Management Daemon. Due to a bug in the I2C handling in the daemon, a core dump may be seen. There is no specific user-visible trigger for the core dump and you may see several erroneous alarms when the core dump occurs. These should clear after the daemon automatically restarts
PR Number Synopsis Category: QFX PFE Class of Services
1472771 DSCP marking might not work as expected if the fixed classifiers are applied to interfaces on QFX5000/EX4600 platforms
Product-Group=junos
On QFX5000/EX4600 platforms, if the interfaces are configured with the fixed classifiers, when some specific configuration changes are committed, for example, the same forwarding-class is applied to two different interfaces at the same time, and then the forwarding-class for one of the interfaces is changed and committed to a different value, the Differentiated Services code point (DSCP) marking might not be able to work as expected since both physical interfaces are still having the same forwarding-class mapped in the hardware table due to this issue.
PR Number Synopsis Category: QFX L2 PFE
1497993 Traffic might get dropped if AE member interface is deleted/added or a SFP of the AE member interface is unplugged/plugged
Product-Group=junos
On QFX5K/EX46xx platforms, if STP is configured on vlan but the AE interface which is part of that vlan is not configured with STP, after an AE member interface is deleted or a SFP of the AE member interface is unplugged, and when the deleted AE member interface is added back or the unplugged SFP is plugged again, traffic via that AE interface might get dropped. LACP and LLDP traffic are not affected by this issue.
PR Number Synopsis Category: Resource Reservation Protocol
1505834 The rpd process might crash with RSVP configured in a rare timing case
Product-Group=junos
On all Junos platforms running with the Resource Reservation Protocol (RSVP) configured, when some socket error happens, RSVP might be unable to send message, however the counter for sent messages has already been increased due to the software design defect. The wrong counter might lead to the rpd process crash. It's a rare timing issue and it might be more likely to happen in a scaled scenario.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1496211 The B4 might not able to establish the softwire with AFTR
Product-Group=junos
In dual-stack lite (DS-Lite) scenario, if the DS-Lite softwire-initiator (such as B4) and the Address Family Transition Router (AFTR, it acted as softwire-concentrator) is deployed with service-set included multiple softwire-rules, the wrong rule-id might be chosen for the traffic including either normal data packet or Port Control Protocol (PCP) mapping requested from the basic bridging broadband (B4) subscribers. It might cause the failures on the allocation of subscribers and choice of softwire sessions, then the subscribers behind the B4 are unable to establish a softwire (an IPv4-over-IPv6 tunnel) to AFTR.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1513509 During route table object fetch failure, FPC may crash
Product-Group=junos
Due to rare timing issue, the FPC might crash because of route table object fetch failure in EVPN multihoming scenario.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1506747 Unexpected dual VRRP backup state might happen after performing two subsequent RE switchovers with 'track priority-hold-time' configured
Product-Group=junos
On all Junos platforms with dual REs installed, if 'track priority-hold-time' and 'track interface' are enabled in the same VRRP groups, after performing the second RE switchover in a shorter time than the group 'track priority-hold-time' configured timer after the first RE switchover, it may cause unexpected dual VRRP backup state followed by VRRP master re-election, and the traffic forwarded over VRRP VIP could be affected during this time.
 

18.3R3-S3 - List of Known issues

PR Number Synopsis Category: EX9200 Platform
1448368 EX9214 : Error "errorlib_set_error_log(): err_id(-1718026239)" are observed after reboot and macsec enabled link flap
Product-Group=junos
On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error "errorlib_set_error_log(): err_id(-1718026239)" is observed.
PR Number Synopsis Category: EX2300/3400 PFE
1462155 The fxpc crashes due to PFEMAN_RT thread and BCM linkscan thread get into a deadlock
Product-Group=junosvae
In certain conditions, PFEMAN_RT thread and BCM linkscan thread get into a deadlock causing watchdog timeout.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1481987 Multicast traffic loss could be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario
Product-Group=junos
On QFX5110 & QFX5120 platform, which is running as Layer 3 VxLAN gateway, if "igmp-snooping" is enabled in partial but not for all bridge-domains, multicast traffic loss could be observed in non-igmp snooping bridge-domains.
PR Number Synopsis Category: ACX PFE
1407098 High CPU utilization of fxpc process may be observed with class-of-service changes on interfaces
Product-Group=junos
On ACX5048/ACX5096 platforms, when applying COS configurations (schedulers related) on interfaces, the CPU utilization on fxpc process might be seen. And it might affect service.
PR Number Synopsis Category: "agentd" software daemon
1401817 The na-grpcd log file is not rotated and keeps growing until Routing Engine is out of disk space.
Product-Group=junos
In JET/Telemetry scenario, the Telemetry log file is not rotated and keep growing until Routing Engine (RE) is out of disk space, this might cause unexpected impact of RE, and eventually lead to RE crash. The fix has now been provided to set max allowable size to 50M and once the file reaches its max size, it will get rotated and compressed.
PR Number Synopsis Category: BBE Remote Access Server
1402653 The subscribers might need to take login retry in the scenario with high usage of the address pool
Product-Group=junos
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
PR Number Synopsis Category: EVPN control plane issues
1485377 The ARP entry is gone from kernel after adding and deleting the virtual-gateway-address
Product-Group=junos
On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel.
PR Number Synopsis Category: Flow Module
1489276 GRE/IPSec tunnel might not come up when 'set security flow no-local-favor-ecmp' command is configured
Product-Group=junos
On SRX or vSRX clusters, when 'set security flow no-local-favor-ecmp' is configured, GRE/IPSec tunnel might not come up.
PR Number Synopsis Category: Layer 2 Control Module
1473610 ERP might not come up properly when MSTP and ERP are enabled on the same interface.
Product-Group=junos
When both MSTP and ERP are enabled on the same interface, then ERP does not come up properly.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1505976 VRRPv6 might not work in EVPN scenario
Product-Group=junos
In EVPN scenario with VRRPv6 used, the ethernet source mac address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master, as this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in EVPN database because NS from VRRPv6 master changes the mac-ip binding. Hence it has traffic impact.
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1453893 FPC/PFE crash may happen with ATM MIC installed in the FPC
Product-Group=junos
FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1345506 The FPC might fail to boot after toggling back and forth between 15.1 release (any release where 'JUNOS OS runtime' < 20180321) and a later release
Product-Group=junos
After upgrading and downgrading between an older 15.1 release (any release where 'JUNOS OS runtime' < 20180321) without the fix for this PR and a later release that has extra optional platform packages (e.g 16.1), the system running 15.1 gets confused as to the state of such packages and discards them upon the the next upgrade to a later release. Thus, for example, changing Junos version between 16.1 -> 15.1 -> 16.1 may result in some PFE packages missing and therefore may prevent some MPCs from booting.
PR Number Synopsis Category: Kernel Stats Infrastructure
1462986 Slow response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1 and later.
Product-Group=junos
Slow response introduced with PR/1411303 fix, is getting resolved with this PR.
PR Number Synopsis Category: PTP related issues.
1507782 CLI knob to configure announce-interval as -3 so that the announce messages rate will be set to 8pps
Product-Group=junos
In PTP environment some vendor devices acting as slave expecting announce messages at an interval of -3 (8pps) from upstream master device. As of today announce message are configurable in range of 0 to 3. To support the above requirement engineering provided a hidden cli knob "set protocol ptp master announce-interval -3". In the networks/design where we have this requirement we can configure the hidden cli otherwise regular cli which is in the range (0 to 3) can be configurable. Both the cli knobs are mutually exclusive, commit error is expected if both are configured. This new change is applicable to ACX platforms only excluding ACX5k.
PR Number Synopsis Category: QFX ISSU Infrastructure
1490799 After ISSU/ISSR, a port using SR4/LR4 optics may not come up
Product-Group=junos
On QFX5100/5200 platforms, a port using SR4/LR4 optics might not come up after ISSU (In-Service Software Upgrade)/ISSR (In-Service Software Reboot).
PR Number Synopsis Category: QFX L2 PFE
1500825 The ERPS might not work correctly on QFX5k
Product-Group=junos
On QFX5k platforms, Ethernet ring protection switching (ERPS) might not work correctly due to ERPS instance programming failure in hardware which might cause loop in the network.
1515254 On QFX5000 and EX46xx with VXLAN enabled , ARP request may get dropped if storm control is configured
Product-Group=junos
ARP request get dropped on QFX5000 and EX46xx devices when all of the following condition are met. 1.Storm control is enabled on any of the port. 2.VXLAN is enabled 3.Arp-suppression is enabled.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1450046 All ingress packets are dropped if the traffic transit network is also the same network for LTE mPIM internal management.
Product-Group=junos
On SRX3xx platforms with the LTE mPIM in use, if the traffic transit network is also the same network for LTE mPIM internal management, all ingress packets are dropped.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1441816 Egress stream flush failure and traffic blackhole might occur
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003.

 
Modification History:
First publish date 2020-07-14
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search